Adding Conditional Access Policy Implementation Instructions to AAD 1…

….1 (#1312) * changes to 1.1 instructions * removed link * added numbers to make more consistent * Update PowerShell/ScubaGear/baselines/aad.md Co-authored-by: Ted Kolovos <[email protected]> --------- Co-authored-by: Ted Kolovos <[email protected]>
cisagov · Nov 11, 2024 · 4f4233c · 4f4233c
1 parent 1e69fea
commit 4f4233c
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/PowerShell/ScubaGear/baselines/aad.md b/PowerShell/ScubaGear/baselines/aad.md
@@ -88,9 +88,19 @@ Legacy authentication SHALL be blocked.
 
 #### MS.AAD.1.1v1 Instructions
 
-- [Determine if an agency’s existing applications use legacy authentication](https://learn.microsoft.com/en-us/entra/identity/conditional-access/block-legacy-authentication#identify-legacy-authentication-use) before blocking legacy authentication across the entire application base.
+1. [Determine if an agency’s existing applications use legacy authentication](https://learn.microsoft.com/en-us/entra/identity/conditional-access/block-legacy-authentication#identify-legacy-authentication-use) before blocking legacy authentication across the entire application base.
 
-- Create a [Conditional Access policy to block legacy authentication](https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-block-legacy).
+2. Create a Conditional Access policy to block legacy authentication
+
+<pre>
+  Users > Include > <b>All users</b>
+
+  Target resources > Cloud apps >  Include > <b>All cloud apps</b>
+
+  Conditions > Client apps > Configure > <b>Yes</b> > Legacy authentication clients > Select only <b>Exchange ActiveSync clients</b> and <b>Other clients</b>
+
+  Access controls > Grant > <b>Block Access</b>
+</pre>
 
 ## 2. Risk Based Policies